Forefront Security in a Nutshell
Written by Chris Hall   
Thursday, 29 November 2007 20:29

Until I attended an in-depth Microsoft Forefront Security training course recently, I did not know what the full benefits of implementing Forefront Security in an IT environment would be.

After having the luxury of playing around with some Microsoft Forefront Security products in lab environments, I now realise the potential benefits of using Forefront Security in any environment. Microsoft’s main strategy with Forefront is clearly to create a more stable and secure IT environment for its customers by offering a suite of security products that, when used in conjunction with each other, can provide a pretty fascinating, mind-relaxing secure environment. With security obviously being the main area to tread carefully in any IT situation these days, Forefront is definitely heading in the right direction for a more stable, safer, flexible and robust environment.

Forefront breaks up into three main areas:

1) Forefront Client Security – A client application installed on the client PC. In my opinion it has a familiar look and feel to Windows Defender, but loaded up with a much better scanning engine.

2) Forefront Server Security – Consists of multiple applications installed on MS servers.

3) Forefront Edge – Two main products used together to protect your network/s and provide an easily managed, secure remote workplace for any mobile device or mobile user.

 

The breakdown of the three main categories:

 

Forefront Client Security

 

Includes the one application that is installed onto your computers and laptops. This app performs real-time scanning for threats on your computers and laptops. It not only searches for spyware, it also searches for threats such as viruses, Trojans, rootkits and malware. The malware engine is capable of scanning and removing infected files from within protected archives and packers. Forefront Client Security has been named as a Finalist for Info Security 2008 Global Excellence in Anti-Malware.

 

Forefront Server Security

 

The two main products that make up Forefront Server Security are Forefront Security for Exchange Server and Forefront Security for SharePoint. There is also a Forefront Server Security Management Console that administrators use to easily and efficiently manage the configuration, deployment, updating, and reporting for Forefront server security products throughout the enterprise. Forefront for Exchange and SharePoint uses multiple antivirus scan engines: the Authentium Command Antivirus engine, AhnLab engine, CA Vet engine, Kaspersky Labs engine, Norman Data Defense engine, Microsoft Antimalware engine, Sophos Virus Detection engine and the VirusBuster AntiVirus engine. Any five of the above can be used simultaneously to ensure maximum threats are detected.

 

Forefront Security for Exchange and SharePoint uses five different levels of scanning, depending on the level of security needed compared against the performance requirements. You can set scanning to use the best performance option, where only one scan engine is used to scan files, or you could jump to the other end of the scale, where the need for security is much higher, and configure files to be scanned by all five scanning engines.

 

By default, Forefront is scheduled to retrieve and install signatures each hour, with each engine set to start five minutes after the other, so if one scanning engine is behind on updating its signature definitions and there is a potential threat outbreak, you can rest assured that one of the other four engines would be on its game and have the signatures updated. If you were to opt for the maximum security scanning of files, using the five engines to scan files, it has been estimated to add an extra 8% CPU usage, so you will need to look at your current Exchange and SharePoint servers to ensure that you have these resources available.

 

So as you can imagine, with an option to choose five out of nine well-known antivirus engines, the option of how and when to scan files, and the option of how to scan each file according to the level of security needed weighed up against performance requirements, you have a pretty secure and reliable environment.

Forefront Edge

Forefront Edge consists of MS Internet Security and Acceleration Server 2006 (ISA) and a Whale Communications product called Intelligent Application Gateway (IAG). My favourite little gadget out of the Forefront Security suite was the IAG. It is easy to install, easy to configure (wizard-driven configuration of complex security policies that enhance productivity and security) and is pretty much at optimal levels straight out of the box. IAG provides SSL-based application access and protection with endpoint security management, enabling granular access control and deep content inspection from a broad range of devices and locations to the line-of-business intranet and client/server resources. Using IAG and ISA together allows pretty much any staff, at any level (i.e. contractor, CEO, part time or Joe Blog that is not even aware of the 306 Trojans and Spyware on his laptop that pops up in his face every ten minutes), from any location (i.e. kiosk, home, CBD Hot Spot or Mount Everest), working from any device (i.e. workstation, laptop, PDA or mobile phone), to have secure policy-based access to your corporate IT infrastructure. You can pick and choose what security levels endpoint clients must meet before they can gain access to your network. A client may meet them halfway, and you can give them restricted access, defining which parts of an application or even which files they have access to.

Last Updated on Thursday, 29 November 2007 20:36